e76df772a3b6365a6ce50b9f1082d5ff2852db9dea49d0ea505e984cff251995 | Triage

Sharing

General

Target

e76df772a3b6365a6ce50b9f1082d5ff2852db9dea49d0ea505e984cff251995
Size

228KB
Sample

221124-amz2gaeh42
MD5

4324aa4659212879d36d7052e3d0eceb
SHA1

56830b6ad0b5ad483b624bda5b734eccc42124a7
SHA256

e76df772a3b6365a6ce50b9f1082d5ff2852db9dea49d0ea505e984cff251995
SHA512

69afec1e4beb08b0329b5360c84bd9fbd8ace91d5bffb35f3327416ee972928a424429c8d49309973d66e662a949a99081b3eedd343beeb8fc65c6de7989f99a
SSDEEP

3072:OgZaPi5UYJVFV5eDQHsuvNA05Vqtto24VmcZMUuXi46qndrAxIbYpa:qO3JrLeDQHr+uV0to24VmlUuSvqdN

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  e76df772a3b6365a6ce50b9f1082d5ff2852db9dea49d0ea505e984cff251995
- Size
  
  228KB
- MD5
  
  4324aa4659212879d36d7052e3d0eceb
- SHA1
  
  56830b6ad0b5ad483b624bda5b734eccc42124a7
- SHA256
  
  e76df772a3b6365a6ce50b9f1082d5ff2852db9dea49d0ea505e984cff251995
- SHA512
  
  69afec1e4beb08b0329b5360c84bd9fbd8ace91d5bffb35f3327416ee972928a424429c8d49309973d66e662a949a99081b3eedd343beeb8fc65c6de7989f99a
- SSDEEP
  
  3072:OgZaPi5UYJVFV5eDQHsuvNA05Vqtto24VmcZMUuXi46qndrAxIbYpa:qO3JrLeDQHr+uV0to24VmlUuSvqdN
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence